https://community.cisco.com/t5/network-security/nat-question/m-p/1144306#M878034 <P>My outside interface is 209.52.60.xx and my LAN (inside) is 192.168.0.0/16 and my DMZ (DMZ) is 172.25.10.0/24. I have nat working find for the inside interface, LAN uers can browse the internet with no issues. Futher I have port translation working for the inside network for some servers. In the DMZ I have port translation working for the Web server but the web server can't browse the internet. Nating does not work for the web server to browse the internet. I would really appreciate if someone can help me with this. I am stuppmed as what I am doing wrong.</P><P></P><P>here is the config</P><P></P><P>global (outside) 1 interface</P><P>nat (inside) 0 access-list inside_nat0_outbound</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>nat (dmz) 1 172.25.10.0 255.255.255.0</P><P></P><P>Note: Inside network can browse the internet and port translation works</P><P></P><P>DMZ port translation works but unbale to browse the internet for host inside the DMZ.</P><P></P><P>Thank you all in advance.</P><P></P> Mon, 11 Mar 2019 14:33:22 GMT koshala76 2019-03-11T14:33:22Z https://community.cisco.com/t5/network-security/nat-question/m-p/1144306#M878034 <P>My outside interface is 209.52.60.xx and my LAN (inside) is 192.168.0.0/16 and my DMZ (DMZ) is 172.25.10.0/24. I have nat working find for the inside interface, LAN uers can browse the internet with no issues. Futher I have port translation working for the inside network for some servers. In the DMZ I have port translation working for the Web server but the web server can't browse the internet. Nating does not work for the web server to browse the internet. I would really appreciate if someone can help me with this. I am stuppmed as what I am doing wrong.</P><P></P><P>here is the config</P><P></P><P>global (outside) 1 interface</P><P>nat (inside) 0 access-list inside_nat0_outbound</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>nat (dmz) 1 172.25.10.0 255.255.255.0</P><P></P><P>Note: Inside network can browse the internet and port translation works</P><P></P><P>DMZ port translation works but unbale to browse the internet for host inside the DMZ.</P><P></P><P>Thank you all in advance.</P><P></P> Mon, 11 Mar 2019 14:33:22 GMT https://community.cisco.com/t5/network-security/nat-question/m-p/1144306#M878034 koshala76 2019-03-11T14:33:22Z https://community.cisco.com/t5/network-security/nat-question/m-p/1144307#M878035 <HTML><HEAD></HEAD><BODY><P>Hello Koshala</P><P></P><P>Isnt that the webserver should be accessed from outside ? In that case, you need to give a static , instead of doing a global PAT.. </P><P></P><P>static (DMZ,outside) 209.x.x.x 172.25.10.2</P><P></P><P>doing this will enable both inbound and outbound access from/to internet..</P><P></P><P>If u just want outbound access, create a seperate global (outside) instance and it should then work fine..</P><P></P><P>Hope this helps.. all the best..</P><P></P><P>Raj</P></BODY></HTML> Tue, 06 Jan 2009 21:49:41 GMT https://community.cisco.com/t5/network-security/nat-question/m-p/1144307#M878035 sachinraja 2009-01-06T21:49:41Z https://community.cisco.com/t5/network-security/nat-question/m-p/1144308#M878036 <HTML><HEAD></HEAD><BODY><P>Sorry the static command was entered previously. That is why users can browse the web server from outside. I can browse the internet from the DMZ. </P><P></P><P>static (dmz,outside) 209.52.x.x 172.25.10.100 netmask 255.255.255.255</P><P></P><P></P></BODY></HTML> Tue, 06 Jan 2009 22:29:10 GMT https://community.cisco.com/t5/network-security/nat-question/m-p/1144308#M878036 koshala76 2009-01-06T22:29:10Z https://community.cisco.com/t5/network-security/nat-question/m-p/1144309#M878037 <HTML><HEAD></HEAD><BODY><P>so, ur issue is solved now ?</P><P></P><P>Raj</P></BODY></HTML> Wed, 07 Jan 2009 01:07:11 GMT https://community.cisco.com/t5/network-security/nat-question/m-p/1144309#M878037 sachinraja 2009-01-07T01:07:11Z https://community.cisco.com/t5/network-security/nat-question/m-p/1144310#M878038 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Please check if you have assigned any access-list to your dmz interface, if yes permit your websever(172.25.10.100) to access internet</P><P>Regards</P><P></P><P>Jithesh </P><P></P></BODY></HTML> Fri, 09 Jan 2009 12:48:26 GMT https://community.cisco.com/t5/network-security/nat-question/m-p/1144310#M878038 Jithesh K Joy 2009-01-09T12:48:26Z